The February 2023 issue of IEEE Spectrum is here!

Close bar

Feds Preach Cybersecurity to Carmakers

New U.S. guidelines would defend connected cars, which today are sitting ducks

2 min read
cybersecurity for cars
iStockphoto

The U.S. traffic safety agency has firmly nudged carmakers into tightening their standards for cybersecurity. And if the nudge fails, then enforceable rules will surely follow.

For now, though, the National Highway Transportation Safety Administration is calling its list of best practices mere guidelines. NHTSA published them last Monday, exactly three months after two researchers showed what’s at stake by remotely commandeering a Jeep Cherokee driving on a highway. The researchers described their cyberattack at a conference held in August. And they talked about other vulnerabilities last week

The main theme of the guidelines is that auto companies should make cybersecurity a priority. That would mean sharing information with rivals, for instance by logging and relaying the details of an attack through “seamless and direct communication channels,” so that other companies can devise countermeasures.

It’s not easy to force such close cooperation: Technology is now the most competitive aspect of the auto business.

NHTSA also wants companies to give outside developers less access to engine control units (ECUs). If a developer needs such access to debug a system, then the developer should have an interface that allows tinkering only with the relevant system.

As cars begin to connect, first with the infrastructure and then with each other, the risk increases that any attack will snowball. NHTSA wants all communications with the outside world—like the GPS navigation system—to run along channels that bypass ECUs.

One may wonder, though, exactly what scenario keeps NHTSA cybersecurity experts up at night. Today, if bad guys want to attack a car from a distance, they can (and do) use remotely controlled IEDs. So maybe the real threat is not to our bodies but to our digital secrets: A connected car may lead criminals to our bank accounts. And, as Willie Sutton said, that’s where the money is.

The Conversation (0)

Chinese Joint Venture Will Begin Mass-Producing an Autonomous Electric Car

With the Robo-01, Baidu and Chinese carmaker Geely aim for a fully self-driving car

4 min read
A black car sits against a white backdrop decorated with Chinese writing. The car’s doors are open, like a butterfly’s wings. Two charging stations are on the car’s left; two men stand on the right.

The Robo-01 autonomous electric car shows off its butterfly doors at a reveal to the media in Beijing, in June 2022.

Tingshu Wang/Reuters/Alamy
Purple

In October, a startup called Jidu Automotive, backed by Chinese AI giant Baidu and Chinese carmaker Geely, officially released an autonomous electric car, the Robo-01 Lunar Edition. In 2023, the car will go on sale.

At roughly US $55,000, the Robo-01 Lunar Edition is a limited edition, cobranded with China’s Lunar Exploration Project. It has two lidars, a 5-millimeter-wave radars, 12 ultrasonic sensors, and 12 high-definition cameras. It is the first vehicle to offer on-board, AI-assisted voice recognition, with voice response speeds within 700 milliseconds, thanks to the Qualcomm Snapdragon 8295 chip.

Keep Reading ↓Show less